Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco NAC policy sync

I have a failover CAM configured, one is configured as the Master and the other one is receiver.

when I do manual sync between them this is what happen:

Successfuly completed pre-sync check with 10.10.80.248

then I click continue it fails to sync:

this is the log :

*************** Master Log ***************

Starting policy import/export on Policy Sync Master.

Created dump file for policy: Device Management > Filters > Devices (all Access Types other than ROLE and CHECK)

Created dump file for policy: User Management > User Roles > List of Roles/Schedule

Created dump file for policy: Device Management > Clean Access > Clean Access Agent > Role-Requirements

Created dump file for policy: Device Management > Filters > Devices (Access Type ROLE and CHECK only)

Created dump file for policy: User Management > Traffic Control > IP

Created dump file for policy: User Management > Traffic Control > Host

Created dump file for policy: User Management > Traffic Control > Ethernet

Dump file creation is complete.

Created policy import/export dump file.

No file available for policy sync as large object.

Created  policy import/export header file.

Created policy import/export tar file.

*************** Receiver Log ***************

Starting policy import on Policy Sync Receiver.

Hash value is a match.

Policy Sync Master and Receiver CAM versions match.

The Policy Sync Reciever is not active, Please retry policy sync later.

Failed to store all policies on Policy Sync Receiver.

Receiver failed sync

2 REPLIES
Cisco Employee

Re: Cisco NAC policy sync

Hi,

Please note that this feature is not meant to be used between 2 CAMs of an HA pair.

As you can see on the config guide:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_admin.html#wp1050935,

- All CAMs must run release 4.5 or later to enable Policy Sync.

- On CAM HA-pairs, Policy Sync settings are disabled for the Standby CAM.

So, this means you can use this feature only in active CAMs or Standalone CAMs.

In HA pairs, Only the Active CAM will be active for this feature.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

New Member

Re: Cisco NAC policy sync

thanks for your response

384
Views
5
Helpful
2
Replies